Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Properly handle file paths with sites/:id #1963

Merged
merged 5 commits into from
Feb 9, 2021
Merged

Properly handle file paths with sites/:id #1963

merged 5 commits into from
Feb 9, 2021

Conversation

mjangda
Copy link
Member

@mjangda mjangda commented Jan 28, 2021
edited
Loading

Those need to be stripped out as well since the files paths are stored in postmeta without it.

Changelog Description

Private Files: Handle /sites/ paths for Private Files

We've added a fix that properly handles files with a subsite path (e.g. /wp-content/uploads/sites/4/2021/01/unpublished.jpg) with our Private Files feature. We now strip the sites/:id portion of the path before forwarding the request to WordPress.

Checklist

Please make sure the items below have been covered before requesting a review:

  • This change works and has been tested locally (or has an appropriate fallback).
  • This change works and has been tested on a Go sandbox.
  • This change has relevant unit tests (if applicable).
  • n/a This change has relevant documentation additions / updates (if applicable).
  • I've created a changelog description that aligns with the provided examples.

Steps to Test

See unit tests.

@mjangda mjangda requested a review from a team as a code owner January 28, 2021 23:20
rinatkhaziev
rinatkhaziev requested changes Jan 29, 2021
View reviewed changes
Copy link
Contributor

@rinatkhaziev rinatkhaziev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! There's a minor readability suggestion, otherwise looks good!

files/acl/pre-wp-utils.php Outdated Show resolved Hide resolved
@mjangda
Copy link
Member Author

mjangda commented Feb 6, 2021

This needs to be re-thought because of changes in #1975

We can probably handle the stripping to unpublished-files instead since that's the only thing impacted right now.

@mjangda
Properly handle file paths with sites/:id
caf97ee 
Those need to be stripped out as well since the files paths are stored
in postmeta without it.
@mjangda mjangda added [Component] Security ChangelogTagID: 801 and removed [Status] In Progress labels Feb 6, 2021
@mjangda mjangda force-pushed the fix/acl-subsite-paths branch from 79e9e31 to caf97ee Compare February 6, 2021 06:25
@mjangda
Copy link
Member Author

mjangda commented Feb 6, 2021

Re-thought and should be all good now.

@mjangda mjangda requested a review from a team February 6, 2021 06:38
rinatkhaziev
rinatkhaziev requested changes Feb 6, 2021
View reviewed changes
Copy link
Contributor

@rinatkhaziev rinatkhaziev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mjangda there's a couple of notes, mostly chores/clerical stuff, but I feel like it's better to address this right away for the sake of our future selves.

files/acl/restrict-unpublished-files.php Outdated Show resolved Hide resolved
@rinatkhaziev rinatkhaziev merged commit 982daa9 into master Feb 9, 2021
@rinatkhaziev rinatkhaziev deleted the fix/acl-subsite-paths branch February 9, 2021 03:09
@rinatkhaziev
Copy link
Contributor

r1379-stacks

@brandon-m-skinner brandon-m-skinner added the [Component] File Access Control ChangelogTagID: 66191914 label Feb 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rinatkhaziev rinatkhaziev rinatkhaziev approved these changes

@brandon-m-skinner brandon-m-skinner brandon-m-skinner left review comments

Assignees
No one assigned
Labels
[Component] File Access Control ChangelogTagID: 66191914 [Component] Security ChangelogTagID: 801 [Status] Deployed to production
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mjangda @rinatkhaziev @brandon-m-skinner @netsuso